Use VPN Part 2 "Set a VPN server"


This is the second installment in the series on using VPN with Android, and this time I install the VPN server. The VPN server is installed on a Windows machine (not Windows Server), and the Internet connection environment is "broadband router" + "local network", the typical setup in a private home. The machine running the VPN server is assumed to be able to connect to the Internet at all times and, in principle, is set not to sleep.

As the VPN software, I use "SoftEther VPN", which is available free of charge. Besides being free, it comes with a free dynamic DNS service, so even with a typical ISP that does not assign a fixed IP address, you can connect to the VPN server while you are out. Another advantage is the wide range of supported client platforms, including Android and Windows RT, which cannot install desktop applications.

First, download and install the server software. There are also dedicated clients for Windows and Linux, so you can install them as needed. However, since this series is about Android, I do not explain the installation and settings of the Windows and Linux clients.

・ SoftEther VPN http://ja.softether.org/

・ Software download http://ja.softether.org/5-download

Download and install the Windows version of server software (SoftEther VPN Server and VPN Bridge) from the SoftEther VPN site.

When the installation finishes, if the "Start SoftEther VPN Server Manager" item on the final screen (Photo 01) is turned on, the management tool "SoftEther VPN Server Manager" starts (Photo 02). Configure the server from here. Confirm that "LOCALHOST (this server)" is selected in the list and press the "Connect" button. The first step is to set the server management password. It will be needed for all subsequent management, so record it somewhere so that you do not forget it.

Photo 01: The window shown after installation has an item "Start SoftEther VPN Server Manager"; when this is turned on, the Server Manager starts. Configure the server from the Server Manager.

Photo 02: In the Server Manager, select the item "LOCALHOST (this server)" and press the "Connect" button. After this, you set the management password.

Next, the "Simple Setup" window (Photo 03) is displayed. Check the "Remote Access VPN Server" and press the "Next" button.

Photo 03: On the simple setup screen, check the "Remote Access VPN Server" and proceed with "Next".

The next setting item is "Virtual Hub name", but this can be left as "VPN". The following explanation assumes the virtual hub name is VPN, so if you register a different name, substitute it as appropriate.

Next is the dynamic DNS setting (Photo 04). Dynamic DNS is a function that lets the server always be reached from the Internet side through a DNS server on the Internet, even when the ISP does not assign a fixed IP address. SoftEther VPN has a free dedicated dynamic DNS service and registers the IP address automatically. To use it, you must register a host name. A recommended host name is presented near the center of the window. Press the "Close" button as it is to complete the registration. The host name can be set freely within the rules, but you cannot use a name that is already taken by someone else. So, if you change it, you may need to try several times to find an available name.

Photo 04: For the dynamic DNS function, either use the presented name as it is or specify a name yourself (under "Change the dynamic DNS host name").

Next is the setting of the VPN connection method (Photo 05). Here, check "Enable the L2TP server function" and set the "IPsec pre-shared key" at the bottom left of the window. The IPsec pre-shared key is the information used to correctly recognize clients, so record it here. The "IPsec pre-shared key" is used later when setting up Android.

Photo 05: In "IPsec/L2TP/EtherIP/L2TPv3 settings", turn on the check box for "Enable L2TP server function" and specify a suitable shared key in "IPsec pre-shared key" at the bottom of the screen. The VPN server accepts connections from clients that have the same shared key; the encryption keys and so on are separate from it, so set any suitable string (but one that is hard to guess).

The next setting is "VPN Azure Service Settings" (Photo 06). This is required when the VPN server is inside a firewall or when a Windows RT machine is used, and since this service is also free, turn on "Enable VPN Azure" at the bottom left of the window. The "VPN Azure service name", which uses the name set for dynamic DNS, is then displayed. The host name displayed here is used in client settings, so it is better to record it. However, it is not used in the Android VPN settings.


Photo 06: The VPN Azure service does not need to be set up if you only connect from Android, but it is needed if it is difficult to change the firewall settings or if you use Windows RT as a client. Setting it has no adverse effects, so it is better to set it.

The last step is "Execution of simple setup" (Photo 07). Here you perform "Create users to accept VPN connections" and "Local bridge settings". First, press the "Create user" button.

Photo 07: When the "Execution of simple setup" screen appears, first press the "Create User" button to create a user.

In "Create user" (Photo 08), set "User name", "Password", and "Confirm password". Both the user name and the password are required for client connections, so record them. You can also set the other items, "real name" and "explanation". Press the OK button to display the user management window. After checking the registration in the list, press the "Close" button.

Photo 08: Set the user name and password (including the confirmation input). Nothing else needs to be set, so leave the other items alone to avoid trouble. Make sure that the authentication method is "password authentication".

Next, back in "Execution of simple setup", select the network adapter to be bridged to the VPN (the network adapter connected to the Internet) (Photo 09) and press the "Close" button.

Photo 09: You return to the screen of Photo 07, so this time select the network adapter connected to your home network under "Local bridge settings". Finally, finish the settings with the "Close" button.

The setup is now complete. The Server Manager window (Photo 10) should be displayed, so make sure that the status of the virtual hub "VPN" is "online" and press the "Close" button. The VPN server runs as a Windows service, so the Server Manager window can be closed.

Photo 10: The management screen of the Server Manager. If the list shows "online" in this state, the VPN server is working. If there is no problem, close the window with the "Close" button at the lower right.

Broadband router settings

The VPN server is now working, but a broadband router is generally set to refuse connections from the Internet, including connections to the VPN server. In addition, "NAT" is in operation so that multiple machines on the LAN side can share the Internet connection. Therefore, change the router settings so that packets from the Internet are passed to the VPN server.

What is passed through is TCP, and the port numbers are the following IPsec ports plus the port numbers in the "listener list" at the bottom left of the Server Manager.

★ IPsec port numbers: 500, 4500
★ SoftEther VPN standard listener ports: 443, 992, 1194, 5555

Here, I use the settings on NEC's Aterm WR8600N as a sample. On this model, use the "Port Mapping" function to forward packets that arrive at a port number to the machine running the VPN server (its IP address). Check the IP address of the machine running the VPN server before making the settings.

The WR8600N is configured from a web browser. After opening the settings page, open "Detailed Settings" ⇒ "Port Mapping Settings". Use the "Add" button to set a TCP port number for the IP address of the VPN server (Photo 11). On the WR8600N, non-contiguous port numbers cannot be specified in a single entry, so register them as multiple entries (Photo 12).

Photo 11: On the NEC Aterm series, select "Detailed Settings" ⇒ "Port Mapping Function" and add a NAT entry to enable access to the VPN server. Here the LAN host is the machine that runs the VPN server. For the protocol, specify TCP, and for the port number, specify a port number from the listener list of the Server Manager. Priority is a setting specific to the Aterm series; specify a value other than the priorities that are already registered.

Photo 12: Aterm's port mapping function requires non-contiguous port numbers to be registered as multiple entries, so register all the necessary ports. The list is arranged in order of priority, and high-priority entries are applied first. Note, however, that a number already registered as a priority cannot be used again when registering a new entry.

After that, save the settings, and the router configuration is complete. The names and the setting procedure differ on other companies' routers, but the principle is the same: when a TCP packet arrives at a specified port number, the packet is forwarded to the VPN server machine. This is generally called "port forwarding" or "port mapping".
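The following Python is an added example, not part of the original article and not NEC or SoftEther code. It audits a port-mapping table against the ports listed above, reporting required ports that are missing, forwarded to the wrong LAN host, or exposed without being needed, plus reused priority numbers. The table format, the IP addresses and the function names are constructed for illustration. The protocol split is an assumption added here: the article's text names only TCP, while IKE (500) and IPsec NAT-T (4500) are carried over UDP.

```python
from ipaddress import ip_address

# Ports from the article. Protocols are an assumption added here: IKE (500) and
# IPsec NAT-T (4500) run over UDP; the SoftEther listener ports are TCP.
REQUIRED = {("udp", 500), ("udp", 4500),
            ("tcp", 443), ("tcp", 992), ("tcp", 1194), ("tcp", 5555)}

# Constructed sample: "priority protocol port[-port] lan_host", one entry per
# line, already in priority order (hypothetical export format, not Aterm's).
SAMPLE_TABLE = """
1 tcp 443 192.168.0.10
2 tcp 992 192.168.0.10
3 tcp 1194 192.168.0.10
4 tcp 5555 192.168.0.20
5 udp 500 192.168.0.10
5 tcp 8080 192.168.0.10
"""

def parse_entry(line):
    """Split one table line and validate the port range and host address."""
    prio, proto, ports, host = line.split()
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {ports!r}")
    return int(prio), proto.lower(), lo, hi, ip_address(host)

def audit(table, vpn_host):
    """Compare the table with REQUIRED for the given VPN server address."""
    vpn = ip_address(vpn_host)
    decided = {}                     # (proto, port) -> host of first matching entry
    seen_prio, dup_prio = set(), set()
    for line in table.strip().splitlines():
        prio, proto, lo, hi, host = parse_entry(line)
        (dup_prio if prio in seen_prio else seen_prio).add(prio)
        for port in range(lo, hi + 1):
            decided.setdefault((proto, port), host)   # earlier entry wins
    mapped = set(decided)
    return {
        "missing": sorted(REQUIRED - mapped),
        "misdirected": sorted(k for k in REQUIRED & mapped if decided[k] != vpn),
        "extra": sorted(mapped - REQUIRED),
        "duplicate_priorities": sorted(dup_prio),
    }

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_TABLE, "192.168.0.10").items():
        print(f"{finding}: {items}")
```

An empty result in all four lists means exactly the listed ports, and nothing else, reach the VPN server machine.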

Once the router settings are complete, the VPN server is accessible from the Internet side. The test cannot be run from inside the LAN, so you need a way to connect to the Internet that is separate from your home Internet connection (for example, access via a mobile phone). The test can be performed on devices other than Android, such as PCs, so if you have the equipment, you can finish the VPN connection test first. Checking the operation of the VPN server beforehand makes it easier to deal with trouble when connecting from Android, because if you know that the VPN server is running, you can start by checking the Android side. Next time, I plan to explain the Android settings and the connection test.